
training and consulting recently announced the launch of its Rails Security Audit.


This service focuses on helping enterprise companies identify security vulnerabilities in Rails applications. Relevance's audit team is made up of senior Rails professionals with strong backgrounds in security testing and risk management consulting.

"The inspiration for launching the services is that we saw a need for customers to have independent software reviews," said Justin Gehtland, president and co-founder of Relevance. "The more we recommended security audits to our customers, the more we realized we could provide the audits."

Such security audits are especially important as companies work to meet the June 30 deadline to comply with the PCI Data Security Standard (PCI DSS). Requirement 6.6 of PCI DSS addresses application security and states that, in order to accept credit card transactions, companies must either install a Web application firewall or complete a code review.

"It's important for customers to be aware of PCI DSS and understand it," Gehtland said. "Then they have to get past the cost-prohibitive parts of it. We're looking at this as a way to give assurance that they can know if their application meets their requirements for PCI DSS."

XSS Audit: Test of all endpoints exposed by the application to verify that scripts cannot be injected into the application. This reduces the risk of cross-site scripting (XSS), which can expose sensitive customer data, violate privacy, and lead to further compromises.

SQL Injection Audit: Test of all endpoints exposed by the application to verify that SQL cannot be injected into the database.

Fuzzing Audit: Crawl and index the application for fuzzing vulnerabilities. Fuzzing is an automated attack that bombards an entire application with bad data and verifies that the application responds appropriately.

Deployment Stack Audit: Test of the production environment and examination of key elements such as the operating system, web server and applicable databases.

The Rails Security Audit is generally completed in one week, and pricing is based on the size of the project and the amount of technical debt. A customized quote is produced after members of the Relevance team meet with prospective clients. Each audit provides enterprises with a detailed report summarizing vulnerabilities as well as outlining fixes.

In conjunction with the launch of the new service, Relevance has released its Tarantula tool to the open-source community. Tarantula crawls Rails applications and identifies data breaks that are vulnerable to fuzzing. For more information about the tool, visit http://opensource.thinkrelevance.com/wiki/tarantula.
